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«title DOD_ERAPAT = Generate DoD security erase patterns 
- ident 870% 000" F 2 


PARRA AAAARAAAAAAALALLALAASLALLLALALAL EASELS EERE REESE EEE SEES REECE 


COPYRIGHT (c) 1978, 1980, 1982, 1984 BY 
DIGITAL EQUIPMENT CORPORATION, MAYNARD, MASSACHUSETTS. 
ALL RIGHTS RESERVED. 


® 
& 
7 
® 
® 
THIS SOFTWARE IS FURNISHED UNDER A LICENSE AND MAY BE USED AND COPIED + 
ONLY IN ACCORDANCE WITH THE TERMS OF SUCH LICENSE AND WITH THE 
INCLUSION OF THE ABOVE COPYRIGHT NOTICE. THIS SOFTWARE OR ANY OTHER 
COPIES THEREOF MAY NOT BE PROVIDED OR OTHERWISE MADE AVAILABLE TO ANY © 
OTHER PERSON. NO TITLE TO AND OWNERSHIP OF THE SOFTWARE IS HEREBY * 
TRANSFERRED. : 
® 
THE INFORMATION IN THIS SOFTWARE IS SUBJECT TO CHANGE WITHOUT NOTICE * 
® 
e 
® 
® 
* 
® 
® 
® 


AND SHOULD NOT BE CONSTRUED AS A COMMITMENT BY DIGiTA L EQUIPMENT 
CORPORATION. 


DIGITAL ASSUMES NO RESPONSIBILITY FOR THE USE OR RELIABILITY OF ITS 
SOFTWARE ON EQUIPMENT WHICH IS NOT SUPPLIED BY DIGITAL. 


* eseeeeee ee eee e eee eeene 
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Facility: 
VMS Executive 

Abstract: 
This routine generates epcar vey erase patterns which are used by user 
written programs to preclude the unauthorized disclosure of classified 
information. 

Envrionment: 
VAX/VMS, Kernel Mode 

Author: i 
Michael T. Rhodes, Creation Date: October, 1982 

Modified By: 


v03-001 JRLO023 John R. Lawson, Jr. 10-Jul-1984 14:23 
Add interface to the system. 
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-sbttl Declarations 


SERADEF ; Define function codes 
SSSDEF Define status codes 


: Equated symbols: 


TYPE = 4 ; Offset to TYPE parameter (value) 
COUNT = 8 ; Offset to COUNT parameter (value) 
PATADR = 12 ; Offset to PATADR parameter (address) 


: Assumptions: 


ASSUME ERASK_MINTYPE EQ 1 
ASSUME ERASK-MAXTYPE EQ 3 


ASSUME ERASK_MEMORY EQ 1 
ASSUME ERASK DISK EQ 
ASSUME ERASK~ “TAPE EQ 


. e 
-sbttl Loadable image header and trailer 


+ 
> 


Loader Information: 


3 ot time, SYSBOOT.EXE checks the SYSGEN parameter LOADERAPT 
<SGN V_LOADERAPAT); if it is set, this image ngets loaded from 
SYSSSYSTEM: :ERAPATLOA, EXE. There must exist, in the image, certain 
ickerass ton for the loader; these two PSECT's supe Ly that info. 


Linking this Object: 


3 MMO SD ERAPAT SYSECYSTENSSYS Sib soctoct ine ceeene :ERAPATLOA - 
D_ERAPAT YSSSYSTEM:SYS.STB/selective_search 


The /SYSTEM qualifier guaratees that the PSECT's will be ordered 
scat —o he image, forcing $$355558 to be first and 
o be last. 


; This table must appear at the beginning of the image 


-psect $$$SS$$$ page, pic : In a system inage, the PSECT's 
: ere ordered alphabetically 
PRMSW = 1 ; Flag to indicate loadable code 


= 
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; This table directs SYSBOOT.EXE for loading the rest of this image 


SLVTAB eet reese reas NON_PAGED,= ; Non=paged pool 
end=D0D_ERAPATSEND, = ; Computed size of image 
sysvecs=VECTORSS,-=- ; Vector into the routine 
prot_w=PRT$C_URKW,=- ; Page protection 
facility=<DoB Security Erase> ; What is this? 


: These vectors replace the default ones in SYS.EXE 
VECTORSS: ; Vector table 
LOADVEC EXESERAPAT_VEC,5,,DOD_ERAPATS 
-long -=-1 ; Terminated by -1 
; This Label must appear at the end of the image 
-psect byte, pic 
DOD_ERAPATSEND: : 


“page : 
-sbttl SERAPAT System Service 


++ 
; SERAPAT 

: Functional Description: 

; To preclude the unauthorized disclosure of classified information, 
r the caller iteratively invokes the SERAPAT system service. Upon 
3 each invocation, the user increments the iteration count and the 
3 service returns an erasure pattern _ either SS$_NORMAL or 
3 eee pti (which indicates the declassification procedure is 
; complete). 


Calling sequence: 
This routine should be called via a CALLS/G to EXESERAPAT. 
Input: 
TYPE (AP) Security erase type. The legal types are 
1. ERASK_MEMORY : main memory 
(volatile r/w semiconductor) 
- ERASK_DISK =: disk storage 
- ERASK_TAPE : tape storage 


COUNT (AP) Iteration count. The service should be called 


Bee Se Oe Be Be Oe Se Se Ge Ge Be Ge Se 


e@enteeee eee ee eee eee eeenene 
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Output: 


PATADR (AP) 


Routine value: 


RO = SS$_ACCVIO 


M 6 
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the first time with the vaiue 1, then 2, etc., 

until the status SS$_NOTRAN is returned. The 
— symbol MAXCOUNT defines how many times this 
appens. 


Address of a longword into which the security 
erase pattern is to be written. 


Pattern output area not accessible 


SS$_BADPARAM Invalid security type code 

SS$_NORMAL Normal successful completion 

SS$_NOTRAN Security erase complete 
-page 


-sbttl Data necessary for routine 
-psect SDATAS long, pic 


> Own Storage: 


COUNTSS$: 


-long 1 ; Main Memory iteration count 

-long 3 ; Disk Storage iteration count 

-long 2 ; Tape Storage iteration count 
PATTERNSS: ; Storage type erasure patterns 

-long 0 ~.  ¢ Main memory erase pattern 

- long ; Disk Storage erase pattern 


1 
-long “XDB6DB6DB Tape Storage erase pattern 


-page 

Sbetl Routine to generate the erase patterns 

-psect SCODE$S Long, pic 

: Routine to return erase patterns: 

DOD_ERAPATS: ; SERAPAT entry point 


pushr “M<ri> ; Save registers 


: Check the values of the parameters ... 


N 
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movzwl #SS$_BADPARAM, r0 ; Assume bad parameters 
cmp COUNT(ap), #0 3 Is count too small? 
bleq EXIT ; Branch if yes 
cmpl «TYPE (ap), #ERASK_MINTYPC ; Type code too small? | 
blss x ; Branch if yes 
cmpl TYPE (ap), #ERASK_MAXTYPE : Type code too large? 
bgtr EXIT ; Branch if yes 


; Use the TYPE as an index into COUNTSS and PATTERNSS | 
subl3 #1, TYPE(ap), r1 ; Vectors begin with 0 
: Signal completion by returning SS$_NOTRAN ... 


movzwl #SS$_NOTRAN, r0 ; Set completion status 
cmpl COUNT(ap), COUNTS${r1] : Are we done? 
bgtr EXIT ; Yes, return completion status 


: Is the return address for the pattern writable ??? 


movzwl #SS$_ACCVIO, r0 ; Assume access violation 
IFNOWRT #4, GPATADR(ap), EXIT ; Branch if no write access 


> Look up the appropriate erase pattern ... 


| 
movzwl #SS$_NORMAL, r0 ; Assume success at this point 4 | 
movl PATTERNS$CriJ, a@PATADR(ap) > Send back the pattern | 


: That's all folks ... | 


EXIT:  popr “M<r1> ; Restore registers 
r ; Return 


VAX/VMS V4.0 
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